mostly stashing this here so i don't forget.
Http::isValidURI is very lax. For example:
Http::isValidURI('afsddfa fdsa fda fda dehttp://example.com fdfad This is not a url!') == true
even thought thats clearly not a valid uri.
Version: 1.18.x
Severity: enhancement